Skill v1.0.0

ClawScan security

Lofy Projects · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:35 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's requirements and instructions are internally consistent for a local project-management helper, but two runtime behaviors (meeting detection and proactive sending of meeting prep) are left vague and, if not constrained, could lead the agent to access external calendars or messaging channels that the skill never declares.
Guidance
This skill appears coherent for local project tracking: it wants to read and update a projects JSON file and produce prioritization and meeting-prep text. Before installing, confirm two things: (1) where meeting detection and "send prep" actions will read and write (calendar, email, chat), and grant access only to those specific services; (2) that the agent's file-write permission is limited to the intended data/projects.json location (back up that file first if it already holds data you care about). If you need the skill to send messages or read calendars, prefer explicit, auditable connectors (for example a calendar API token you supply with clearly limited scopes) rather than letting the agent guess how to detect meetings. If you cannot get clarification from the author, treat proactive scheduling and sending as an operational risk and disable autonomous or background invocation for this skill.
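The second check above, confining the skill's writes to the one declared file, is easy to get wrong if the guard only compares path strings. The following is an added example written for this review, not code from the Lofy Projects skill or from ClawHub: it resolves the requested path against the skill's workspace (following symlinks, so a link planted at data/projects.json cannot redirect the write elsewhere), allows only the single allow-listed file, keeps a backup of the previous version, and replaces the file atomically. The workspace layout, the `ALLOWED_RELATIVE` constant and all function names are assumptions for illustration.

```python
import json
import os
import shutil
import tempfile
from pathlib import Path

# Assumed for this example: the reviewed skill only says it reads/updates a
# projects JSON at data/projects.json, so that is the single file we allow.
ALLOWED_RELATIVE = Path("data/projects.json")


class WriteDenied(PermissionError):
    """Raised when a requested write falls outside the allow-listed file."""


def resolve_within(workspace: Path, requested: str) -> Path:
    """Resolve `requested` against `workspace`; reject anything that escapes it.

    Path.resolve() follows symlinks, so a link at data/projects.json that
    points at a file outside the workspace is rejected just like "../x.json"
    or an absolute path.
    """
    workspace = workspace.resolve()
    target = (workspace / requested).resolve()
    try:
        target.relative_to(workspace)
    except ValueError:
        raise WriteDenied(f"{requested!r} resolves outside {workspace}") from None
    return target


def check_write_target(workspace: Path, requested: str) -> Path:
    """Allow the write only if it is exactly the declared projects file."""
    target = resolve_within(workspace, requested)
    if target != (workspace.resolve() / ALLOWED_RELATIVE).resolve():
        raise WriteDenied(f"{requested!r} is not the allow-listed {ALLOWED_RELATIVE}")
    return target


def write_projects(workspace: Path, requested: str, projects: dict) -> Path:
    """Back up the existing projects file, then write the new one atomically."""
    target = check_write_target(workspace, requested)
    target.parent.mkdir(parents=True, exist_ok=True)
    if target.exists():
        # Keep the previous version so a bad update by the agent is recoverable.
        shutil.copy2(target, target.with_name(target.name + ".bak"))
    tmp = target.with_name(target.name + ".tmp")
    tmp.write_text(json.dumps(projects, indent=2))
    os.replace(tmp, target)  # rename is atomic on POSIX; no half-written file
    return target


if __name__ == "__main__":
    # Constructed demo workspace; nothing here comes from a real skill run.
    ws = Path(tempfile.mkdtemp())
    print("wrote", write_projects(ws, "data/projects.json", {"projects": []}))
    for bad in ("../escape.json", "data/other.json", "/etc/passwd"):
        try:
            check_write_target(ws, bad)
        except WriteDenied as exc:
            print("denied:", exc)
```

The guard belongs in whatever tool or wrapper actually performs the write on the agent's behalf; a check the agent is merely instructed to perform is not a permission boundary.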

Review Dimensions

Purpose & Capability
ok: Name and description (project management, prioritization, meeting prep, time logging) match the instructions: read and update a projects JSON, compute priority scores, flag stale projects, and provide meeting prep. The skill does not request unrelated binaries, credentials, or config paths.
Instruction Scope
note: Most instructions are confined to reading and updating data/projects.json and producing recommendations. However, "When a meeting is detected" and "Send prep 2 hours before" are underspecified: they imply detecting external events (a calendar or meeting system) and sending messages, but do not declare how or through which service. That ambiguity could lead the agent to reach for calendar, email, or messaging integrations that the skill never explicitly declares.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files, which is the lowest install risk. Nothing is downloaded or written by an installer.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. Its stated operations (local JSON read and write) are proportionate to the purpose. There is no unexplained request for secrets or external credentials.
Persistence & Privilege
note: `always: false` and the default invocation mode are appropriate. That said, the instruction to "proactively send prep 2 hours before" implies ongoing monitoring or a scheduled trigger; achieving that behavior would require either an external scheduler/cron or background invocation, and possibly access to calendar or messaging services. The skill does not request persistent presence explicitly, so that requirement is implicit rather than declared.